Primitive Roots

Relevant For...

Let \( n \) be a positive integer. A primitive rootmod \( n \) is an integer \( g \) such that every integer relatively prime to \( n \) is congruent to a power of \( g \) mod \( n \). That is, the integer \( g \) is a primitive root (mod \(n\)) if for every number \(a\) relatively prime to \(n\) there is an integer \(z\) such that \(a \equiv (g^z \pmod{n})\).

\( 4 \) is not a primitive root mod \( 5 \), because for every number relatively prime to 5 (again: 1, 2, 3, 4) there is not a power of \( 4 \) that is congruent. Powers of 4 (mod 5) are only congruent to 1 or 4. There is no power of 4 that is congruent to 2 or 3.
\(4^0 = 1,\,\,\) \(1\pmod{5} = 1\)
\(4^1 = 4,\,\,\) \(4\pmod{5} = 4\)
\(4^2 = 16,\,\,\) \(16\pmod{5} = 1\)
\(4^3 = 64,\,\,\) \(64 \pmod{5}= 4\) And the pattern continues

When primitive roots exist, it is often very convenient to use them in proofs and explicit constructions; for instance, if \( p \) is an odd prime and \( g \) is a primitive root mod \( p \), the quadratic residues mod \( p \) are precisely the even powers of the primitive root. Primitive roots are also important in cryptological applications involving the discrete log problem, most notably the Diffie-Hellman key exchange protocol.

Background and motivation

The set \( {\mathbb Z}_n^*\) has an important property: it is closed under multiplication mod n. That is, if \( a,b \in {\mathbb Z}_n^* \), and \( c \) is the positive integer less than \( n \) which is congruent to \( ab\) mod \( n\), then \( c \in {\mathbb Z}_n^*\) as well. This is because \( ab\) and \(n \) have no common factor (by unique factorization), and so \( c \) and \(n \) have no common factor either (because if \( d|c \) and \( d|n \), then \( d|ab \) as well, because \( ab = c+nx \) for some integer \(x\)).

This property, together with other basic properties of multiplication mod \( n \), imply that \({\mathbb Z}_n^* \) is a group under multiplication.

For any element \( a \in {\mathbb Z}_n^* \), consider the sequence of its powers \( 1,a,a^2,a^3,\ldots\) mod \( n \). All of the powers of \( a \) are in the finite set \( {\mathbb Z}_n^*\), so the sequence of powers of \( a \) repeats eventually. In fact, Euler's theorem implies that it repeats with period \( \phi(n) \):
\[
a^0 \equiv 1 \equiv a^{\phi(n)} \pmod n.
\]

So another characterization of primitive roots in terms of this sequence is: Primitive roots are the elements \( a \in {\mathbb Z}_n^* \) for which the sequence of powers of \( a \) has minimum period \( \phi(n) \).

The minimum period of the sequence of powers of \( a\) is called the order of \( a\). So \( a \) is a primitive root mod \( n \) if and only if the order of \( a \) is \( \phi(n)\).

\( {\mathbb Z}_9^* = \{ 1,2,4,5,7,8 \}. \)

The powers of \( 1 \) are \( 1,1,1,\ldots \). The order of \( 1 \) is \( 1 \).

The powers of \( 2 \) are \( 2,4,8,7,5,1, \ldots \). The order of \( 2 \) is \( 6 \).

The powers of \( 4 \) are \( 4,7,1,\ldots \). The order of \( 4 \) is \( 3 \).

The powers of \( 5 \) are \( 5,7,8,4,2,1, \ldots \). The order of \( 5 \) is \( 6 \).

The powers of \( 7 \) are \( 7,4,1, \ldots \). The order of \( 7 \) is \( 3 \).

The powers of \( 8 \) are \( 8,1, \ldots \). The order of \( 8 \) is \( 2 \).

So the primitive roots mod \( 9 \) are \( 2 \) and \( 5 \).

Existence of primitive roots

Primitive roots do not necessarily exist mod \( n \) for any \( n \). Here is a complete classification:

There are primitive roots mod \( n\) if and only if \(n = 1,2,4,p^k,\) or \( 2p^k \) where \( p \) is an odd prime.

Finding primitive roots

The proof of the theorem (part of which is presented below) is essentially non-constructive: that is, it does not give an effective way to find a primitive root when it exists. Once one primitive root \( g \) has been found, the others are easy to construct: simply take the powers \( g^a \) where \( a\) is relatively prime to \( \phi(n)\). But finding a primitive root efficiently is a difficult computational problem in general.

There are some special cases when it is easer to find them; for example:

Suppose \( p \) is a prime such that \( 2p+1 \) is also prime. (Such \( p \) are called Sophie Germain primes.) Show that if \( p \equiv 1 \) mod \(4\), then \(2 \) is a primitive root mod \( 2p+1 \).

Solution: The point is that the list of possible orders of elements of \( {\mathbb Z}_{2p+1}^* \) is very short: the order of \( 2 \) divides \( \phi(2p+1) = 2p \), so it is either \( 1,2,p,\) or \(2p\). It can't be \( 1 \) or \( 2 \), so we only need to rule out \( p \). But \( 2^p \equiv \left( \frac2{2p+1} \right) \) mod \( p \), where \( \left( \frac2{2p+1} \right) \) is the Legendre symbol; this is by Euler's criterion. But by the second supplement to quadratic reciprocity, \( \left( \frac2{2p+1} \right) =-1\) because \( 2p+1 \equiv 3 \) mod \( 8 \).

So the only remaining possibility is that the order of \( 2 \) mod \( 2p+1 \) is \( 2p \). \( \square \)

For instance, this shows that \( 2 \) is a primitive root mod \( 83 \).

So the question becomes: as \( a \) ranges over \( {\mathbb Z}_{p-1} \), how many values can \( ak \) mod \( p-1 \) take on? In fact, the extended Euclidean algorithm implies that \( \{ak+(p-1)c : k, c \in {\mathbb Z}\} \) is the set of multiples of gcd\((k,p-1)\). There are exactly
\[
\frac{p-1}{\text{gcd}(k,p-1)}
\]
such values, so this is the answer.

Here is another problem where it can help to write the elements of \( {\mathbb Z}_p^* \) as powers of a primitive root.

But \( \phi(a) \) and \( \phi(b) \) are both even, so their lcm is strictly less than their product. So the order of \( x \) is strictly less than \( \phi(a)\phi(b) = \phi(ab) \). So there is no primitive root mod \( ab \).

The only \( n \) that cannot be written in this way are \( 1,2,4,p^k,2p^k,\) and higher powers of \( 2 \). But for any odd \( x \),
\[
x^{2^{k-2}} \equiv 1 \pmod{2^k} \ (k \ge 3)
\]
which can be proved by the LTE lemma (or by induction). Since \(\phi(2^k) = 2^{k-1}\), there is no primitive root mod \( 2^k \) for \( k \ge 3 \).

Some of the proof of the other direction can be found in the wiki on orders.